<?php
/*
Bitsand - a web-based booking system for LRP events
Copyright (C) 2006 - 2009 The Bitsand Project (http://bitsand.googlecode.com/)

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

//Do not need login check for this page
$bLoginCheck = False;

include ('inc/inc_head_db.php');
$db_prefix = DB_PREFIX;

// Get POST into variables
$email = $_POST ['email'];
$password = sha1 ($_POST ['password'] . PW_SALT);
$ic = (bool) isset ($_POST ['ic']);
$ooc = (bool) isset ($_POST ['ooc']);

//Set up & run query
$sql = "SELECT plPlayerID FROM {$db_prefix}players " .
	"WHERE plEmail LIKE '" . ba_db_real_escape_string ($link, $email) .
	"' AND plPassword = '$password'";
$result = ba_db_query ($link, $sql);
if (ba_db_num_rows ($result) > 1)
	//Log warning if there was more than one row returned
	LogWarning ("export.php - more than one result from e-mail and password\n$sql");
if (ba_db_num_rows ($result) > 0) {
	//Successfully logged in
	$row = ba_db_fetch_assoc ($result);
	$id = $row ['plPlayerID'];
}
else
	die ('Wrong e-mail/password');

header("Content-Type: application/xml");
// First two characters are broken up to prevent GrepForIssues.sh false positives
echo "<" . "?xml version='1.0'?>\n\n<player>\n";

//Get OOC details
if ($ooc) {
	$key = CRYPT_KEY;
$sql = "SELECT plFirstName, " .
	"plSurname, " .
	"AES_DECRYPT(pleAddress1, '$key') AS dAddress1, " .
	"AES_DECRYPT(pleAddress2, '$key') AS dAddress2, " .
	"AES_DECRYPT(pleAddress3, '$key') AS dAddress3, " .
	"AES_DECRYPT(pleAddress4, '$key') AS dAddress4, " .
	"AES_DECRYPT(plePostcode, '$key') AS dPostcode, " .
	"AES_DECRYPT(pleTelephone, '$key') AS dTelephone, " .
	"AES_DECRYPT(pleMobile, '$key') AS dMobile, " .
	"plEmail, " .
	"plDOB, " .
	"AES_DECRYPT(pleMedicalInfo, '$key') AS dMedicalInfo, " .
	"plEmergencyName, " .
	"AES_DECRYPT(pleEmergencyNumber, '$key') AS dEmergencyNumber, " .
	"plEmergencyRelationship, " .
	"plCarRegistration, " .
	"plDietary, " .
	"plBookAs, " .
	"plBunkRequested, " .
	"plNotes, " .
	"plEventPackByPost " .
	"FROM {$db_prefix}players WHERE plPlayerID = $id";

	$result = ba_db_query ($link, $sql);
	$row = ba_db_fetch_assoc ($result);

	//OOC XML
	echo "\t<ooc>\n";
	echo "\t\t<firstname>{$row ['plFirstName']}</firstname>\n";
	echo "\t\t<surname>{$row ['plSurname']}</surname>\n";
	echo "\t\t<address1>{$row ['dAddress1']}</address1>\n";
	echo "\t\t<address2>{$row ['dAddress2']}</address2>\n";
	echo "\t\t<address3>{$row ['dAddress3']}</address3>\n";
	echo "\t\t<address4>{$row ['dAddress4']}</address4>\n";
	echo "\t\t<postcode>{$row ['dPostcode']}</postcode>\n";
	echo "\t\t<telephone>{$row ['dTelephone']}</telephone>\n";
	echo "\t\t<mobile>{$row ['dMobile']}</mobile>\n";
	echo "\t\t<email>{$row ['plEmail']}</email>\n";
	echo "\t\t<dob>{$row ['plDOB']}</dob>\n";
	echo "\t\t<medicalinfo>{$row ['dMedicalInfo']}</medicalinfo>\n";
	echo "\t\t<emergencyname>{$row ['plEmergencyName']}</emergencyname>\n";
	echo "\t\t<emergencynumber>{$row ['dEmergencyNumber']}</emergencynumber>\n";
	echo "\t\t<emergencyrelationship>{$row ['plEmergencyRelationship']}</emergencyrelationship>\n";
	echo "\t\t<carregistration>{$row ['plCarRegistration']}</carregistration>\n";
	echo "\t\t<dietary>{$row ['plDietary']}</dietary>\n";
	echo "\t\t<bookas>{$row ['plBookAs']}</bookas>\n";
	echo "\t\t<bunkrequested>{$row ['plBunkRequested']}</bunkrequested>\n";
	echo "\t\t<oocnotes>{$row ['plNotes']}</oocnotes>\n";
	echo "\t\t<eventpackbypost>{$row ['plEventPackByPost']}</eventpackbypost>\n";
	echo "\t</ooc>\n";
}

if ($ic) {
	$sql = "SELECT * FROM {$db_prefix}characters WHERE chPlayerID = $id";
	$result = ba_db_query ($link, $sql);
	$row = ba_db_fetch_assoc ($result);

	//IC XML
	echo "\t<ic>\n";
	echo "\t\t<name>{$row ['chName']}</name>\n";
	echo "\t\t<preferredname>{$row ['chPreferredName']}</preferredname>\n";
	echo "\t\t<race>{$row ['chRace']}</race>\n";
	echo "\t\t<gender>{$row ['chGender']}</gender>\n";
	echo "\t\t<groupsel>{$row ['chGroupSel']}</groupsel>\n";
	echo "\t\t<grouptext>{$row ['chGroupText']}</grouptext>\n";
	echo "\t\t<faction>{$row ['chFaction']}</faction>\n";
	echo "\t\t<ancestor>{$row ['chAncestor']}</ancestor>\n";
	echo "\t\t<ancestorsel>{$row ['chAncestorSel']}</ancestorsel>\n";
	echo "\t\t<location>{$row ['chLocation']}</location>\n";
	echo "\t\t<npc>{$row ['chNPC']}</npc>\n";
	echo "\t\t<icnotes>{$row ['chNotes']}</icnotes>\n";
	echo "\t\t<osp>{$row ['chOSP']}</osp>\n";
	echo "\t</ic>\n";
}

echo "</player>\n";
?>
